When you access a site in a browser or from a program, the traffic between your computer and the DNS server is not encrypted by default: the DNS server sends the domain name and it in turn returns the corresponding IP address, all in the clear.
The DNS over HTTPS (DoH) protocol encrypts DNS traffic to avoid the threat of “eavesdropping” on DNS traffic and determining which sites on the Internet are being connected to.
- Open “Settings” – you can do this using the “Win+I” hotkeys or from the Start button menu.
- Open the “Network and Internet” section, and under that open Wi-Fi or Ethernet, depending on which connection you want to enable DoH.
- In case Wi-Fi connection was selected, on the next screen click on “Hardware Properties”, for Ethernet go straight to the next step.
- Click “Change” under “DNS Server Assignment”.
- If the DNS settings are set to “Automatic”, change the value to “Manual”.
- Enable the IPv4 option and enter two DNS servers (preferred and secondary) for IPv4 from the list above, such as 184.108.40.206 and 220.127.116.11
- Select “Encrypted only (DNS over HTTPS)” in the “Preferred DNS encryption” field, specify the same value in the “Alternate DNS encryption” field.
- Do the same steps for IPv6, using the appropriate DNS servers.
- Save the settings you have made.